Richard Chirgwin

Oh, great, now there's a SECOND remote Rowhammer exploit

Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests. With a gigabit connection to the victim, the researchers reckon, they can induce security-critical bit flips using crafted …

Mining apps? We're cool so long as they admit to it, says Canonical

Canonical has responded to last week's discovery that its Snap store carried apps containing embedded crypto-currency miners, by pledging to introduce a “verified developer” program. When users complained that apps by Nicholas Tomb included the mining code, they were pulled from the Ubuntu Snap store, with Canonical promising …

UPnP joins the 'just turn it off on consumer devices, already' club

Universal Plug 'n' Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks. Researchers at Imperva looked into misbehaving UPnP implementations after spotting odd attack traffic while analysing a Simple Service Discovery Protocol (SSDP, an Internet proposal absorbed into …

Red Hat admin? Get off Twitter and patch this DHCP client bug

Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a Tweetable proof-of-concept. Discovered by Googler Felix Wilhelm, CVE-2018-1111 is a command injection bug in the Red Hat Enterprise Linux and derivative DHCP clients. Wilhelm Tweeted: “CVE 2018-1111 is a …

US senators ask FTC to investigate Google's Location imbroglio

Two US senators have asked the nation's Federal Trade Commission (FTC) to take another look at Google's location harvesting. Democrat Senators Richard Blumenthal and Edward Markey fired off their request-that-can't-be-ignored (PDF) late last week, asking the FTC to “open an investigation into the potential deceptive acts and …

Boffins build a 2D 'quantum walk' that's not a computer, but could still blow them away

Do you want to know what a quantum walk is? The reason we ask is that that’s what a group of Chinese researchers have demonstrated, and it’s being hailed as a big thing in the development of quantum computing. The “quantum walk” doesn’t deliver a general purpose quantum computer. Instead it delivers a quantum simulator which …

Wanna break Microsoft's Edge browser? Google's explained how

Back in February 2018, Google's Project Zero went public with a Microsoft Edge bug that Redmond couldn't fix in time for its next patch release. Now, the Google researcher - Ivan Fratric - has provided a detailed technical explanation of the problem and says Microsoft's fix might not be adequate. Fratric discovered that an …

Xerox flip-flops on US$6.1 billion Fujifilm flip after investor flap

As expected, Xerox under its activist-investor-controlled board has decided to exit its deal with Fujifilm. Carl Icahn and Darwin Deason, who between them controlled 15 per cent of Xerox stock, objected almost immediately to a US$6.1bn deal they said left them as passive investors in a Fuji subsidiary. The deal involved a …

OpenWrt forums lost as hardware failure again crocks open Wi-Fi router

Open source Wi-Fi firmware project OpenWrt says a hardware fault has taken down its forums, which appear not to be recoverable. The forums disappeared with a simple, and distressing, message: The OpenWrt forum is currently offline due to a hardware problem on the hosting machine. Unfortunately we neither have access to the …

NBN dragging Telstra down, carrier wants 5G to haul it up again

Australia's National Broadband Network (NBN) continues to white-ant the business of dominant local carrier Telstra, which yesterday cut its earnings guidance. It's hardly good news for the company building the NBN, nbn™, because while Telstra added 38,000 subs in the third quarter of 2018, what those users are …

Family Planning office warns customers private parts may be exposed

The Australian State of New South Wales' reproductive and sexual health organisation Family Planning NSW has advised users of an April 2018 ransomware attack that may have compromised sensitive information. The agency apparently retained web form messages on the public-facing server, meaning if its database was breached, …

Ubuntu sends crypto-mining apps out of its store and into a tomb

Admins of the Ubuntu Store have pulled all apps from a developer who signed himself "Nicholas Tomb", and from his e-mail signature apparently wanted to crypto-mine himself into a Ferrari. Mr Tomb's "2048buntu" and "Hextris" applications are now absent from the store, with their removal sparked by a GitHub comment about the …

OpenFlow protocol bug to get mitigations, not a rewrite

The Open Networking Foundation is moving to address the protocol vulnerability revealed last week in OpenFlow, but won't revise the protocol. Not yet, anyway. The issue, discovered by a group of European researchers, was that switches weren't authenticated to controllers – meaning a bad actor could get at communications if …

Have you updated your Electron app? We hope so. There was a bad code-injection bug in it

Electron – the widely used desktop application framework that renders top programs such as Slack, Atom, and Visual Studio Code – suffered from a security vulnerability that potentially allows miscreants to execute evil code on victims' computers. That means applications relying on Electron may need updating. If you use an …

Pinging admins: Here comes your packet of networking news

Roundup What happened in networking this week? Well, for starters, Nokia acquired analytics company SpaceTime Insight, and will roll its capabilities into its Internet of Things business. SpaceTime Insight provides IoT analytics and applications for the transport, energy, and utilities sectors. Its focus was predicting asset failure, …

Australian foreplay: Bum-biting in an underground hole

Wombats generally get tagged as #cute in social media images, but on dates things can get, umm, hairy, with boffins reporting bum-biting as a prominent mating behaviour. If a male Southern Hairy-Nosed Wombat runs down a female in a burrow, he's confronted with a challenge: the marsupials' ample, muscular, and extremely solid …

OpenFlow protocol has a switch authentication vulnerability

The early software-defined networking protocol, OpenFlow, has a vulnerability – but will anyone fix it? That's the question on the mind of The Register's networking desk, as we await confirmation of the bug by the Open Networking Foundation. In this post at the oss-sec list, Kashyap Thimmaraju from the Technical University of …

Spine-leaf makes grief, says Arista as it reveals new campus kit

Arista Networks has decided the campus network is the next place it wants to irritate Cisco. The company this week unveiled two campus-scale switches in its Spline range – the 7300X3 and 7050X3, which expand its footprint in the important 100 Gbps Ethernet space. In announcing the company's first quarter results recently, CEO …

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

Qualcomm and Microsoft will finally let developers start building native 64-bit Windows applications for Snapdragon-based PCs. The 64-bit support is in Visual Studio 15.8 Preview 1, unveiled by Microsoft at its Build conference on Tuesday. As the two companies explained in their joint announcement, the Qualcomm-powered “ …

Second wave of Spectre-like CPU security flaws won't be fixed for a while

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week, has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21 …

Mirai botnet cost you $13.50 per infected thing, say boffins

Berkeley boffins reckon the Dyn-based Internet of Things attack that took down Brian Krebs' Website in 2016 cost device owners over $US320,000. Since the 2016 hit on KrebsOnSecurity involved devices in their tens of thousands, the costs to individuals (in power consumption and bandwidth charges) only ends up a handful of …

Where to find dark matter? $34m says go look 2km under Canada

By the 2020s, boffins hope, a hockey-puck-shaped silicon and germanium crystal 2,000 metres below Canada will show a brief, tiny vibration, meaning a dark matter particle has collided with it. Dark matter has a big problem: scientists can detect its effects on the macro scale, but have never successfully detected any of the …

Kremlin's war on Telegram sees 50 VPNs stopped at the border

Russia's telecom regulator Roskomnadzor has taken a more granular approach to its battle with Telegram: instead of deep-sixing IP addresses by the millions, it says it's blocked 50 VPN providers from landing traffic in the country. At the end of last week, the regulator's deputy head Vadim Subbotin told state news agency TASS …

Equifax reveals full horror of that monstrous cyber-heist of its servers

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records …

Android P to improve users' network privacy

The forthcoming Android P release will protect the operating system's network processes against snoops and nasties. Android's problems lie in a folder and file inherited from Linux, the source of Android's kernel and its key structures: /proc/net. In a commit at Android Open Source, Google's Jeffrey Vander Stoep launched the …

Biting the hand that feeds IT © 1998–2018